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REMARKS 

The Applicant and the undersigned thank Examiner Laforgia for his careful review of this 
Application. Consideration of the present application is respecttuUy requested in light of the 
above amendments to the claims and in view of the following remarks. Claims MO have been 
rejected and Claim 10 has been objected to. Applicant has amended Claims 1, 3-8, and 10. 
Applicant has canceled Claim 9. Applicant has added Claims 11-47. Upon entry of- the 
amendments. Claims 1-8 and 10-47 are pending in the subject application with none having been 
allowed. The independent claims for this application are Claims 1 , 7, 1 0, and 37. 

L Claim Rejections under 35 U.S.C $ 102(e) 

The Examiner rejected Claims 7 and 8 under 35 U.S.C. § 102(e) as being anticipated by 
U.S. Patent No. 6,185,689 to Todd, Sr. et al. ("Todd"). The Applicant respectfully offers the 
following remarks to traverse these pending rejections. 

A. The Invention nf Independent Claim 7. as Amended is Distinguishable from the Todd 
Patent 

The rejection of independent Claim 7, as amended, is respectfully traversed. It is 
respectfully submitted that Todd fails to teach or suggest all of the recitations enumerated in 
amended Claim 7. Specifically, Todd does not teach or suggest a method for auditing security of 
a remote computer system comprising the step of determining which of a plurality of scanning 
machines is available to perform the security audit scan. 

1. Todd Does Not Teach or S u rest the Ste n of Determining Which of a Plurality of 
Scanninp Machines is Available 

Todd fails to teach, suggest, or make obvious determining which of the plurality of 
scanning machines is available to perform the security audit scan as set out in amended Claim 7. 
Scanning machine availability is determined by examining a schedule for each of the scanning 
machines. An examination of the schedules allows for the identification of certain scanning 
machines that are conducting a security audit scan or are scheduled to conduct a security audit 
scan. The available scanning machines include all of the scanning machines except for the 
certain scanning machines. 

The Examiner admits that Todd does not teach the step of evaluating which of a plurality 
of scanning machines is available to perform the security audit scan because Todd teaches only 
one scanning machine. Office Action at 7 (Analysis of original Claim 9). However, the 
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Examiner states that «[i]t would have been obvious to one of ordinary skill in the art at the time 
ofmemventiontodupucatefce^^ Id The Examiner further 

states that it would be "obvious to choose one of the plurality of scanning machines based on 
location or services provided, such as a variety of attacks offered on [the scanning imchine] » 
Id The step of determining which of a plurality of scanning machines is available to perform the 
security audit scan in Claim 7, as amended, does not satisfy either of the reasons set forth by the 
Examiner for being obvious to one of ordinary skill in the art at the time of the invention. 

Amended Claim 7 is not an apparatus claim that merely duplicates the use of a single 
part. Instead, it is a method claim that, in part, determines which of a plurality of scanning 
machines is available to perform the security audit scan on a remote computer system. Each 
scanning machine, of amended Claim 7, is capable of conducting a plurality of security 
assessments. Since each scanning machine of amended Claim 7 is capable of conducting a 
plurality of security assessments, it would be unnecessary to select a scarming machine based on 
the security assessments that a particular scanning machine provides. Further, the availability of 
scanning machines is determined by identifying certain scanning machines that are conducting a 
security audit scan or are scheduled to conduct another security audit scan. The available 
scanning machines comprise all of the scanning machines except for the certain scanning 
machines. 

In view of the foregoing, Applicant respectfully submits that the invention of amended 
Claim 7 does not determine availability based on distance to the remote computer system from 
the scanning machine. Therefore, Todd fails to teach, suggest, or make obvious a method for 
detenmning which of a plurality of scanning machines is available to perform the security audit 
scan, as set out in amended Claim 7. Accordingly, reconsideration and withdrawal of this 
rejection of amended Claim 7 is respectfully requested. 

II. riaim Rejections Under 3 S 1J.S.C S 103(a) 

The Examiner rejected Claims 1-6 under 35 U.S.C. § 1 03(a) as being unpatentable over 
U.S. Patent No. 6,205,552 to Fudge ("Fwrfge") in view of Todd. The Examiner rejected Claim 9 
under 35 U.S.C. § 103(a) as being unpatentable over Todd. The Examiner rejected Claim 10 
under 35 U.S.C. § 103(a) as being unpatentable over Fudge. The Applicant respectfully offers 
the following remarks to traverse these pending rejections. 
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A . i ^ntort Claim J , Amended, is Disrinfniishable from Fudre in view of Todd 

The rejection of independent Claim 1 is respectfully traversed. It is respectfully 
submitted that Fudge in view of Todd fails to teach or suggest all of the recitations in amended 
Claim 1. The FudgeJTodd combination fails to teach or suggest a central computer programmed 
to evaluate a database to determine if the security audit scan is currently scheduled to be run on 
one of the scanning machines, as set out in amended Claim 1 . The FudgefTodd combination also 
fails to teach or suggest a central computer programmed to determine which of the plurality of 
scanning machines is available to perform the security audit scan, as recited in amended Claim 1. 
i The FudeefTodd Combination F ails to Teach or Suggest a Central Computer 

Pr immed to FvnWe a. Dat a W to Determine if a Security Audit Scan is 

Scheduled 

The FudgeJTodd combination fails to teach or suggest an apparatus for auditing security 
of a remote computer, comprising a central computer programmed to evaluate a database to 
determine if a security audit scan is currently scheduled to be run on one of the scanning 
machines. The central computer has a memory that is configured as a database server and a 
scheduler. The central computer is in communication with the plurality of scanning machines. 

The Examiner states that "Fudge does explicitly disclose evaluating a database to 
determine if a security audit is scheduled to be run." Office Action at 4. To support his 
statement, the Examiner relies on column 3, lines 56-59 of Fudge, This portion of Fudge 
describes a processor having a real-time clock so that entries in the run log and scan log have the 
proper time of entry. The run log contains the results of the vulnerability scan, while the scan 
log contains address profiles that are scanned by scanning machine. Fudge, col. 3:51-59. 

Next, the Examiner relies on a portion of Fudge that states "the mere presence of a new 
profile or a separate notification mechanism can be used to trigger the vulnerability scanner to 
act upon a profile in [the] scan log." Fudge, col. 4:35-42. Finally, the Examiner relies on a 
portion of Fudge stating that "a periodic report summarizing the progress and results of 
scaruiing network ... can be issued on an hourly, daily, weekly, or monthly schedule." Fudge, 
col. 4:61-67 (emphasis added). The Examiner also states that one of ordinary skill would use a 
database to trigger a vulnerability scan based on the last rime a vulnerability scan was completed. 
Office Action at 5. 

Applicant respectfully submits that the Examiner's arguments fail to make out a prima 
facie case that the invention of Claim 1 is unpatentable over the Fudge/Todd combination. 
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While Fudge teaches the use of a real-time clock, Fudge discloses use of this clock only to 
record the time results during a security audit scan and during an address filtering process. 
Fudge does not teach or suggest evaluating a database to determine if the security audit scan is 
currently scheduled to be run on one of the scanning machines. 

With regard to the notification mechanism of Fudge, it only notifies a user or the 
scanning system that a new address profile has been introduced into the remote computer 
system. Fudge does not teach or suggest using a notification mechanism to evaluate the database 
to determine if the security audit scan is currendy scheduled, as in amended Claim 1 . Fudge's 
reference to the completion of a task on an hourly, daily, weekly, or monthly schedule is in 
regards to the result reporting mechanism of the security audit scan, which occurs after a 
security audit scan has commenced- On the other hand, the central computer of amended Claim 
1 determines if a scan is scheduled to be run. Therefore, Fudge fails to teach or suggest a central 
computer programmed to evaluate a database to determine if a security audit scan is currently 
scheduled to be run on one of the scanning machines, as set out in amended Claim 1. 

2. The Fudae/Todd Combination Fails to Teach or Suggest a Central Computer 
Programmed to Determine which of a Plurality of Scanning Machines is 
Available to Perform a Security Audit Scan 

The FudgeJTodd combination fails to teach or suggest an apparatus for auditing security 
having a central computer rjrograrnmed to determine which of the plurality of scanning machines 
is available to perform the security audit scan, as set out in amended Claim 1. Each scanning 
machine of Claim 1, as amended, is capable of conducting multiple types of security 
assessments. Availability of the scanning machines is determined by examining a schedule for 
each scanning machine to identify certain scanning machines that are conducting another 
security audit scan or are scheduled to conduct another security audit scan. The available 
scanning machines include all of the plurality of scanning machines except for the certain 
scanning machines. 

The Examiner admits that Fudge does not teach a plurality of scanning machines. Office 
Action at 4. However, the Examiner asserts that "[i]t would have been obvious to one of 
ordinary skill in the art at the time of the invention to duplicate the single scanning machine of 
Fudge." Id. The Examiner further asserts that it would be "obvious to choose one of the 
plurality of scanning machines based on location or services provided, such as a variety of 
attacks offered on [the scanning machine;] " Id The step of detennining which of the plurality 
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of scanning machines is available to perform the security audit scan in Claim 1, as amended, 
does not satisfy either of the reasons set forth by the Examiner for being obvious to one of 
ordinary skill in the art at the time of the invention. 

First, the plurality scanning machines of amended Claim 1 are each individually capable 
of conducting multiple types of security assessments. Since each scanning machine is capable of 
conducting multiple types of security assessments in amended Claim 1, it would be unnecessary 
for the central computer to select a scanning machine based on the security assessments that a 
particular scanning machine provides. Further, the central computer of amended Claim 1 
determines the available scanning machines by identifying certain scanning machines that are 
conducting a security audit scan or are scheduled to conduct another security audit scan. The 
available scanning machines comprise all of the of the scanning machines except for the certain 
scanning machines. In contrast to the cited prior art references, amended Claim 1 does not 
require determining the availability of scanning machines based on distance between the 
scanning machine and the remote computer system. Therefore, the FudgefTodd combination 
fails to teach or suggest an apparatus for auditing security having a central computer 
programmed to determine which of the plurality of scanning machines is available to perform the 
security audit scan as set out in amended Claim 1 . Accordingly, reconsideration and withdrawal 
of this rejection of amended Claim 1 is respectfully requested. 
B. Inde pendent Claim 10. as Amended is D istinguishable from Fudge 

The rejection of independent Claim 10 is respectfully traversed. It is respectfully 
submitted that Fudge fails to teach, suggest, or make obvious all of the recitations enumerated in 
amended Claim 10. Fudge fails to teach or suggest a method of conducting a security audit scan 
in response to a determination that the scheduled security audit scan of the remote computer 
system is to be executed in a predetermined period of time. Further, Fudge fails to teach or 
suggest a method of recording a scheduled security audit scan in a database. 

1. Fudee Fails to Teach or Suggest Causi ng the Scanning System to Execute the 
Scheduled Security Audit Scan in Response to a Det errnination that the Scheduled 
Security Audit Scan is to be Executed 
Fudge fails to teach or suggest a method of causing the scanning system to execute the 
scheduled security audit scan in response to a determination that the scheduled security audit 
scan is to be executed, as set-out in amended Claim 10. Fudge teaches conducting a 
vulnerability scan "upon each address profile qualified by the address filtering process during a 
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filtering pass" Fudge, col. 4:42-44. The address filtering process sorts through available 
addresses on a network and determines candidates for "selective vulnerability testing." Fudge, 
col 3-64-66 The address filtering process is a necessary precursor of the audit scanning step in 
Fudge in order to obtain its goal of " S can[ning] a given shareable device for only those services 
provided by that shareable device rather than taking the time to scan for all possible services," 
because such a method would "significantly reduce the time and cost involved in scanning for 
vulnerable devices." Fudge, col. 2:19-26. 

Fudge also teaches a method of conducting a security audit scan upon receipt of a new 
address profile or upon the notification that a new address profile exists. Fudge, col. 4:38-41 . 
The address profile is a listing of all of the services detected for a particular address. Fudge, coL 
4:35-38. The address listing is not a security audit scan. Further, the notification mechanism of 
Fudge is not a determination that the scheduled security audit scan is to be executed in a 
predetermined period of time. Therefore, F M ^ e fails to teach or suggest a method of causing the 
scanning system to execute the scheduled security audit scan in response to a determination that 
the scheduled security audit scan is to be executed in a predetermined period of time, as set-out 
in amended Claim 10. 

2 Pails to Teach or Suer«st Recording the Scheduled Security Audit Scan in 

a Database 

Fudge foils to teach or suggest a method of recording a scheduled security audit scan in a 
database, as recited in amended Claim 10. The Exarniner states that one of ordinary skill would 
use a database to trigger a vulnerability scan based on the last time a vulnerability scan was 
completed. Office Action at 5. The Examiner supports this position by pointing to the fact that 
Fudge suggests a method of performing a security audit periodically, be it hourly, daily, weekly, 
or monthly, and that Fudge discloses a notification mechanism. Id at 4-5. Respectfully, the 
Examiner's arguments fail for two reasons. First, as mentioned above, Fudge's notification 
mechanism notifies a user or the scanning system that a new address profile has been 
introduced into the remote computer system. Second, Fudge's reference to the completion of a 
task on an hourly, daily, weekly, or monthly schedule is in regards to the issuance of "a periodic 
report summarizing the progress and results of the scanning network." Fudge, col. 4:61-67. 
Thus, while Fudge does allude to the use of time, it is not in reference to recording a scheduled 
security audit scan in a database, as recited in amended Claim 10. 
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Additionally, Fudge teaches that the address filtering process can be initiated by a "pre- 
programmed or time-triggered event." Fudge, col- 4: 2-4. While the time-triggered event of 
Fudge may teach or suggest the scheduling of an address filtering process, it does not teach or 
suggest recording a scheduled security audit scan in a database. Therefore, Fudge fails to teach 
or suggest all of the recitations of amended Claim 10. Accordingly, reconsideration and 
withdrawal of this rejection of amended Claim 10 is respectfully requested. 
c Th. Tnventirms rfP r^ Mm 2-* , 8 »nd 11-36 are Distinguishable from the Cited 

M 

The Applicant respectfully submits that the above-identified dependent claims are 
allowable because the independent claims from which they depend, Claims 1. 7, and 10 are 
patentable over the cited references. Claims 8 and 11-23 depend from independent Claim 7. 
Claims 24-36 depend from independent Claim 10. The Applicant also respectfully traverses the 
Examiner's assertions about these claims and submits that the recitations of these dependent 
claims are of patentable significance. The Applicant respectfully requests that the Examiner 
reconsider and withdraw the pending rejection of Claims 2-6, 8 and 1 1-36. 

TTT. Addition ftf New Cla ims 11-46 

Applicant has added new independent Claim 37 and dependent Claims 11-35 and 38-47. 
Applicant and the undersigned respectfully request that independent Claim 37 and the claims mat 
depend from it, Claims 38-47 be passed to allowance. The new claims find clear support in the 
specification and do not contain any new matter. 

IV. Claim Objection Due ta Informalities 

The Examiner objected to Claim 10 because it contained two steps denoted with the 
letter, "b" The Applicant has amended Claim 10 to eliminate the error. Therefore, the 
Examiner's objection to Claim 10 has been rendered moot. Accordingly, reconsideration and 
withdrawal of the objection to Claim 10 are respectfully requested. 
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CONCLUSION 

The foregoing is submitted as a full and complete response to the Official Action mailed 
on January 2, 2004. The Applicant has amended the claims and has submitted remarks to 
traverse the objections and rejections of pending Claims 1-8 and 10-47. The Applicant has 
shown above that Claims 1-8 and 10-47. are allowable over the art cited by the Examiner and 
respectfully request that the Examiner withdraw all pending rejections and/or objections to 
Claims 1-8 and 10-47. If the Examiner believes that there are any issues that can be resolved by 
a telephone conference, or that there are any normalities that can be corrected by an Examiner's 
amendment, a telephone call to the undersigned at (404) 572-4691 to discuss same is respectfully 
requested. 



Respectfully submitted, 




lames M. Harmon 
leg. No. 48,565 



KING & SPALDING LLP 
45* Floor 

191 Peachtree Street 
Atlanta, Georgia 30303 
404.572.4691 

KS# 05456.100001 (Auditing Network) 
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